For those who may be interested, my real problem was the the back button
bypassing authentication.
The finall resolution was to disable Caching in code on the Form_Load event
(it must run on every form load event); and to compare time stamps (one in
view state and one in Session State) in the form load event to verify they
are the same.
Works great (Ref: Murach's ASP.Net, Chapter 19, "Back-Button Control")
Disable Cache on Form_Load event
Response.Cache.SetCacheability(HttpCacheability.No Cache)
Response.Cache.SetExpires(Now().AddSeconds(-1)
Response.Cache.SetNoStore()
Response.AddHeader("Pragma", "no-cache")
If IsExpired() then
Response.Redirect("expired.aspx")
Else
SaveTimeStamps()
End If
Private Function IsExpired() as Boolean
If Session("Doc_TimeStamp") Is Nothing then
return False
elseif ViewState("TimeStamp") Is Nothing then
return False
elseif ViewState("TimeStamp").ToString = Session("Doc_TimeStamp").ToString
then
return False
else
return True
End If
End Function
Private Sub SaveTimeStamps()
Dim dTime as DateTime = Now()
ViewState.Add("TimeStamp"), dTime)
Session.Add("Doc_TimeStamp"), dTime)
End Sub
Hope this helps someone else.
"kermit" wrote:
> Thank you for your response.
>
> I put opener.close() in today.
> It does what I want, if I could just get rid of the 'are you sure' message.
>
> Learn something new everyday. I had never used Alt + arrow R/L before. I
> am working on a limited user intra net app. and I suspect most (none) know of
> the keyboard shortcut either.
>
> "Daniel Fisher(lennybacon)" wrote:
>
> > have you ever hit [alt] + [arrow left] ?
> >
> > what you can do is call
> >
> > opener.close();
> >
> > maybe...
> >
> > --
> > Daniel Fisher(lennybacon)
> > MCP ASP.NET C#
> > Blog: http://www.lennybacon.com/
> >
> >
> > "kermit" <> wrote in message
> > news:30EC95B8-949F-4F6E-875B-...
> > > Hi,
> > > I am hoping this is a foolish or simple question.
> > > I am creating a multiuser app. consisit of a login page and a dataentry
> > > page. If the user leaves the data entry page (other than exiting the
> > > browser). I want them to 'have' to go back through the login screen and
> > > re-login.
> > >
> > > My problem is the browser's (IE 6) Back and Forward buttons.
> > > If the user clicks the Back button from the data entry screen they go to
> > > the
> > > login in screen and if they click the Forward button from there, they
> > > arrive
> > > at the data entry screen without loggin in.
> > > I have tried messing with cache and cannot seem to prevent this.
> > >
> > > For now I have them enter the app via a html page (splach screen) which
> > > then
> > > does an open.window to launch the app in a chrome-less window. Works
> > > great,
> > > but I have the initial splash screen html page still open.
> > >
> > > All suggestions are appreciated! I know I must be missing something in
> > > the
> > > security concept.
> >
> >
> >
Similar Threads
